Resources

Una a useful selection of different sources and tools for Industrial Cybersecurity.

Tools

  • SMOD:  modular framework with every kind of diagnostic and offensive feature you could need in order to pentest modbus protocol. It is a full Modbus protocol implementation using Python and Scapy. This software could be run on Linux/OSX under python 2.7.x.
  • ꓘamerka GUI: ultimate Internet of Things/Industrial Control Systems reconnaissance tool. Powered by Shodan – Supported by Binary Edge & WhoisXMLAPI
  • S7scan:  scans networks, enumerates Siemens PLCs, and gathers basic information about them. (e.g.: PLC firmware and hardware version, network configuration, and security parameters)
  • Armitage: graphical interface over Metasploit that allows to deploy exploits in an easy and intuitive way.

Communities

  • X.com (Formerly Twitter)

Media

Learning

  • RealPars: youtube channel that explains key concepts for industrial automation.

News

  • ICS CERT
  • Siemens Product CERT: investigates all reports of security issues and publishes Security Advisories for validated security vulnerabilities that directly involve Siemens products and require applying an update, performing an upgrade, or other customer action.
  • OpenCVE: OpenCVE allows you to subscribe to vendors and products, and send you an alert as soon as a CVE is published or updated.

Podcasts

  • Unsolicited Response: by Dale Peterson, one of the greatest references in the industrial security field. New episodes every Tuesday and Thursday.